我的API:
from rest_framework.authentication import BasicAuthentication
"""A simple API for file upload."""
class FileUploadView(APIView):
parser_classes = (MultiPartParser,)
authentication_classes = (BasicAuthentication,)
@method_decorator(csrf_exempt)
def dispatch(self, request, *args, **kwargs):
return super(FileUploadView, self).dispatch(request, *args, **kwargs)
def put(self, request):
print "request:", str(request.META)
print "request:", str(request.user.username)
try:
data = {'files': 'testing'}
response = Response(data)
except Exception as e:
print "Exception when put file:", e
data = { 'error' : str(e) }
response = Response(data)
return response
以上是我的API views.py。我用邮递员去做PUT。我没有在标题授权中添加任何内容(请求标头中没有HTTP_AUTHORIZATION),我可以将 {'文件':' testing'} 作为我的回复
为什么呢?有什么遗失?感谢
答案 0 :(得分:0)
您添加了身份验证类,但未限制对视图的访问。默认情况下,DRF具有不受限制的访问权限。请参阅文档部分:
如果未指定,此设置默认允许不受限制的访问:
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.AllowAny',
)